package com.itheima.health.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Author: liangWeiQUQ
 * @Description: 将用户地数据以及访问控制地规则以配置地方式告诉框架
 * @DateTime: 2021/3/6 12:20
 **/
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启全局方法权限注解支持
public class CustomerSecurity extends WebSecurityConfigurerAdapter {
    @Autowired
    private CustomerUserDetail customerUserDetail;
    /**
       * @Author: 传闻中的梁大侠
       * @Date: 12:23 2021/3/6
       * @Parms [auth]
       * @ReturnType: void
       * @Description: 初始化角色的用户信息
     */

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //创建一个用户详情的配置类文件
        //InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> config = auth.inMemoryAuthentication();
        ////配置用户信息
        //config.withUser("admin").authorities("ROLE_ADMIN").password("{noop}1234");
        //config.withUser("zhangsan").authorities("ROLE_01","add").password("{noop}1234");
        //config.withUser("lisi").authorities("ROLE_02","find").password("{noop}1234");
        //初始化角色信息
        auth.userDetailsService(customerUserDetail);
    }

    /**
     * @Author: 传闻中的梁大侠
     * @Date: 16:48 2021/3/6
     * @Parms [http]
     * @ReturnType: void
     * @Description: 配置控制访问
     */

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //代表使用security默认的登录
        http.formLogin()
                .loginProcessingUrl("/sec/login") //登录请求地址
                .loginPage("/login.html") //登录页面
                .defaultSuccessUrl("/main.html") //登录成功后默认页面
                .failureUrl("/login-fail.html"); //登录失败页面


        http.logout()
                .logoutUrl("/sec/logout") //登出请求地址
                .logoutSuccessUrl("/login.html"); //登出后的默认页面
        http.exceptionHandling()
                .accessDeniedPage("/auth-fail.html");//权限不足的配置页面
        http.csrf().disable();//跨站攻击关闭
        http.authorizeRequests().antMatchers("*.js", "*.css").permitAll(); //无需登录即可访问
         /*
            hasAnyAuthority: 拥有其中的某一项角色或者权限即可访问
            hasAuthority: 单个角色或者权限
            hasAnyRole: 拥有其中的某一项角色
            hasRole: 单个角色
            authenticated() 登录后即可访问
         */
        http.authorizeRequests().antMatchers("/pages/checkitem.html").hasAnyAuthority("ROLE_ADMIN", "add");
        http.authorizeRequests().antMatchers("/pages/checkgroup.html").hasAnyAuthority("find");
        http.authorizeRequests().antMatchers("/main.html","/pages/**").authenticated(); //登录后即可访问
    }
}
